General discussion

NEWS - January 11, 2007

Port 2968 big rise - related to Symantec AV?

Last Updated: 2007-01-11 04:36:52 UTC
by Jason Lam (Version: 1)
Port 2968 is getting quite a jump recently. Take a look at the graph below.

Read more:

Discussion is locked

Reply to: NEWS - January 11, 2007
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: NEWS - January 11, 2007
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
- Collapse -
Microsoft: Home Server sports serious security

Thursday, 11 January 2007, 1:15 AM CET

Microsoft's upcoming Windows Home Server software will include security features taken from its enterprise-grade Windows Server 2003 software, but will not work as a central distributor for patches to PCs on the home network, a Microsoft executive said Wednesday.

Read more:

- Collapse -
Microsoft confirms NSA's role in Vista security

Thursday, 11 January 2007, 12:27 AM CET

The NSA's involvement with Windows Vista -- which was confirmed by Microsoft this week -- is not the first time the NSA has provided guidance to Redmond. The NSA previously collaborated with Microsoft on the best methods to secure Windows XP and Windows 2000. The agency also has been credited with reviewing the Vista Security Guide published on Microsoft's Web site.

- Collapse -
New PayPal key to help thwart phishers

Additional password-generating security measure should be opened to beta users within the next month

Over the next few months, Ebay will be offering its PayPal users a new tool in the fight against phishers: a $5 security key.

The security key is actually a small electronic device, designed to clip on to a keychain, that calculates a new numeric password every 30 seconds. PayPal users who sign up to use the device will need to enter their regular passwords as well as the number displayed on the key whenever they log in to the online payment service.

- Collapse -
Free hacker scan for universities, nonprofits

Acunetix is offering universities and nonprofit organizations a free Web site security scan and reporting service

Web application security vendor Acunetix Wednesday announced it would make available for free a Web site security scan and reporting service to universities and nonprofit organizations.

- Collapse -
Open source to go under the radar in 2007

Posted by Dana Blankenhorn

We are only two weeks into 2007 and one trend already seems clear.
Open source will fly under the radar in 2007.

The media explosion that hit after the realization Linux was competitive with Windows in the server business and the SCO suit is getting old.

New stories have replaced it. Windows Vista. The Apple iPhone (or whatever). Wireless gadgets of all types are now the official story of the decade.

Open source, by contrast, is for geeks.

Read more:

- Collapse -
Next versions of Internet Explorer, Firefox taking shape

Posted by Mary Jo Foley

Microsoft and the Mozilla Foundation are pushing ahead with their respective next versions of their Web browsers. Their methods are different, but many of their priorities are ? at least in theory ? quite similar.

The Mozilla Foundation has published to a public wiki a list of its developers' plans for Firefox 3 (code-named "Gran Paradiso). Gran Paradiso is slated to be available in the third/fourth quarter of 2007 timeframe.

Microsoft disclosed last summer that the IE team is working on the next two releases of Internet Explorer (IE). But the company isn't expected to show a prototype of its work until the Microsoft Mix '07 conference in late April 2007.

Read more:

- Collapse -
Bug eats into Apple security patch software

Apple bug project finds a vulnerability in rival group's software

Matt Chapman, 11 Jan 2007

The group behind the Month of Apple Bugs (Moab) project has found a flaw in software designed to fix security issues on Apple Macs.

The vulnerability affects the Application Enhancer (Ape) software, which was designed by a rival group trying to combat the flaws highlighted by Moab.

The bug could allow malicious users on a local system to replace Ape's binary code and take control of the root privileges on a computer.

Read more:

- Collapse -
IT security experts warn of phishing kit peril

Universal Man-in-the-Middle phishing kit discovered by RSA

Robert Jaques, 11 Jan 2007

Security experts have warned that a previously undocumented phishing kit is being sold and used online by fraudsters.

The newly uncovered Universal Man-in-the-Middle Phishing Kit is designed to allow cyber-criminals to create sophisticated attacks against global organisations in which the victims communicate with a legitimate website via a fraudulent URL.

Security firm RSA's Anti-Fraud Command Center warned that this allows the fraudster to capture victims' personal information in real time.

Read more:

- Collapse -
Microsoft Patches Mac Office

The updates to Office 2004 for Mac and Office v.X for Mac released Tuesday patched five vulnerabilities in the suites' Excel spreadsheet.

By Gregg Keizer

Jan 11, 2007 11:44 AM

Microsoft updated its Office suite for the Mac to quash several bugs in the Excel spreadsheet and get the software ready for new Daylight Savings Time rules that go into effect in March.

The updates to Office 2004 for Mac and Office v.X for Mac released Tuesday patched five vulnerabilities in the suites' Excel spreadsheet that could let attackers hijack a computer by duping users into opening malformed worksheets. Microsoft ranked the flaws as "important," the second-most dangerous rating in its four-level threat scoring system. These updates, said Microsoft, include "fixes for vulnerabilities that an attacker can use to overwrite the contents of your computer's memory with malicious code."

The Redmond, Wash., developer also patched the Windows versions of Excel Tuesday.

Read more:

- Collapse -
Google annoys Web site owners with malware alerts

They say their sites are just fine

Jeremy Kirk

January 11, 2007 (IDG News Service) -- Some Web site operators are complaining that Google Inc. is flagging their sites as containing malicious software, when they believe their sites are harmless.

At issue is an "interstitial" page that appears after a user has clicked on a link within Google's search engine results. If Google believes a site contains malware, the page will appear, saying "Warning -- visiting this Web site may harm your computer!"

Google does not block access to the sites, but a user would have to manually type in a Web site address to continue. Organizations are complaining their sites do not contain malicious software, and say the warning is embarrassing.

"We have no bad software or installs or anything that would indicate a need to ban people from viewing our site," wrote Matt Blatchley, who works for the Greenbush Southeast Kansas Education Service Center, in a posting last Friday to Google Groups.

Google's warning page contains a link to, a project designed to study legal and technical issues concerning spyware, adware and other malicious software.

Read more:

- Collapse -
'Month of Apple Bugs' turns up 10 vulnerabilities -- so far

There's more to come, says one of the researchers behind the effort

Jaikumar Vijayan

January 11, 2007 (Computerworld) -- A month-long campaign by two independent security researchers to disclose security flaws in Apple Inc.'s products has so far resulted in 10 vulnerabilities being publicly disclosed -- and several more on the verge of being announced. Exploit information has also been published, along with proof-of-code detailing how to take advantage of the flaws, several of which were described as being remotely exploitable by the researchers.

The disclosures are part of a Month of Apple Bugs (MoAB) effort launched on Jan. 1 by independent security researcher Kevin Finisterre and another researcher identified only by the initials LMH.

Read more:

- Collapse -
Mac flaw puts Safari surfers at risk

By Dawn Kawamoto, CNET
Published on ZDNet News: January 11, 2007, 11:54 AM PT

ZDNet Tags: Mac OS, Security threats, Apple Computer Inc
A serious security flaw in Mac OS X opens machines with Apple's Safari Web browser to hijack by outsiders, Secunia has warned.

The vulnerability and "proof of concept" code to exploit it were released on Wednesday as part of the Month of Apple Bugs project. It affects Mac OS X 10.4.8, the most recent version of Apple's operating system and, possibly, previous versions, security researcher LMH said in the posting on MOAB's Web site.

The flaw can be exploited if the Mac user has enabled an option in Safari to "open safe files after downloading," Secunia said in an advisory Thursday. The security company has rated the problem "highly critical."

Read more:

- Collapse -
CA backup and recovery solution contains flaws

Dan Kaplan Jan 11 2007 22:34
Two vulnerabilities were reported today in a CA backup and recovery solution that, if exploited, could allow an attacker to execute remote code and gain unauthorized administrative privileges.

The flaws, discovered by the X-Force research and development team at IBM Internet Security Systems (ISS), are found in CA Brightstor ARCserve, a storage solution largely deployed by small- and medium-size businesses.

According to IBM ISS advisories released today, the two bugs are similar and can be exploited through a stack-based buffer overflow. This could lead to the exposure of confidential information, loss in productivity and a compromised network.

Read more:

- Collapse -
Vulnerability reported in Snort intrusion prevention system

Dan Kaplan Jan 11 2007 21:36
Researchers from the University of Wisconsin in Madison have discovered a vulnerability in open-source intrusion prevention technology Snort which can be exploited to launch a DoS attack.

Vulnerability tracking firm Secunia graded the flaw "less critical," according to an advisory released today. The rule-matching algorithm of Snort can be exploited remotely to run time-consuming operations that cannot be detected and can lead to a DoS condition, the advisory explained.

The bug was reported in version 2.4.3.

Users are urged to update to the latest version.

Read more:

CNET Forums

Forum Info